Privacy Policy

PitchEngine Studio Inc. ("PitchEngine", "we", "us") operates pitchengine.pro. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and guidance from the Office of the Privacy Commissioner of Canada (OPC).

1. Accountability and data controller

PitchEngine Studio Inc. is accountable for personal information under our control. Business Number 823456789 RC0001. Registered address: 130 King Street West, Suite 1800, Toronto, ON M5X 1E3. Privacy inquiries: [email protected]. Director of Publication: Jordan Ellis.

2. Identifying purposes

We collect personal information for identifiable purposes including: responding to contact form submissions; scheduling discovery calls; delivering contracted marketing services; maintaining client records; improving website security and performance; complying with legal obligations; and managing cookie consent preferences.

3. Consent

We obtain meaningful consent before collecting personal information except where permitted by law. Contact form submission requires explicit consent via checkbox for PIPEDA and CASL-aligned processing. Cookie analytics load only after consent through our cookie banner. You may withdraw consent subject to legal or contractual restrictions by contacting [email protected].

4. Limiting collection

We collect only information reasonably necessary for stated purposes: typically name, email, phone, company, subject selection, message content, consent records, and technical metadata such as IP address and browser type in server logs.

5. Limiting use, disclosure, and retention

We do not sell personal information. Disclosure is limited to service providers who assist hosting, email delivery, or analytics (when consented), bound by contractual safeguards. Enquiry records retained 12–24 months unless a client relationship continues. Analytics data retained up to 14 months. Server logs retained up to 90 days. Client project records retained 24–36 months after completion unless otherwise agreed.

6. Accuracy

We rely on you to provide accurate information. You may request correction of inaccurate personal information by contacting [email protected].

7. Safeguards

We implement administrative, technical, and physical safeguards appropriate to sensitivity, including HTTPS transport, access controls, and staff training. No internet transmission is completely secure; we encourage strong passwords on your systems.

8. Openness

This policy is publicly available. Questions about our privacy practices may be directed to [email protected].

9. Individual access

You may request access to personal information we hold about you. We respond within 30 days where PIPEDA requires, subject to permitted exceptions. Access requests should include sufficient detail to locate records.

10. Challenging compliance

Contact [email protected] to challenge our compliance with this policy. You may lodge a complaint with the Office of the Privacy Commissioner of Canada: 30 Victoria Street, Gatineau, QC K1A 1H3 — priv.gc.ca.

11. Cookies and similar technologies

See our Cookie Policy for categories, purposes, and management options. Essential cookies operate the site; analytics cookies require consent.

12. Cross-border processing

Hosting and email infrastructure may process data in Canada or other jurisdictions with contractual protections. We assess transfers for PIPEDA compliance.

13. Marketing communications

We send commercial electronic messages only with consent under Canada's Anti-Spam Legislation (CASL). You may unsubscribe using links in messages or by contacting [email protected].

14. Minors

Our services target business clients. We do not knowingly collect personal information from individuals under 16 without appropriate consent.

15. Breach notification

We maintain procedures to assess and report significant breaches as required by PIPEDA breach notification rules, including notification to affected individuals and the OPC when applicable.

16. Changes

We may update this policy with a revised date posted on this page. Material changes will be communicated where appropriate.

17. Service-specific processing

During marketing engagements, clients may share customer insights or research materials. We process such data only per contract instructions, apply need-to-know access, and return or delete materials per agreement schedules.

18. Automated decision-making

We do not make solely automated decisions producing legal or similarly significant effects about individuals without human review.

19. Contact

[email protected] | +1 (416) 555-0147 | 130 King Street West, Suite 1800, Toronto, ON M5X 1E3

20. Presentation project data

When clients share slide drafts, speaker notes, or audience research for pitch deck engagements, we treat those materials as confidential business records. Access is limited to assigned strategists and production staff under written confidentiality terms. Files are stored on encrypted drives during active projects and deleted or returned per contract schedules, typically within twelve months of final delivery unless a retainer continues.

21. Third-party platforms

We may use Canadian or North American hosting for file transfer during deck reviews. Each subprocessor is assessed for reasonable security practices. We do not authorise platforms to use client materials for model training or unrelated analytics.

22. Research participants

If pitch discovery includes stakeholder interviews, participants receive plain-language notices about recording, note-taking, and retention. Consent forms specify whether quotes may appear in anonymised case summaries on PitchEngine marketing properties.

23. Complaint escalation

Internal privacy complaints are logged and reviewed by [email protected] within ten business days. Unresolved matters may be referred to the OPC. We cooperate with regulatory inquiries in good faith.

24. Data minimisation in analytics

When analytics cookies are enabled, we configure tools to avoid collecting free-form text fields or precise geolocation beyond province-level aggregation where possible.

25. Employee and contractor obligations

Staff and contractors with data access sign confidentiality agreements and receive annual PIPEDA awareness reminders focused on form submissions and client file handling.

26. Record of processing

PitchEngine maintains an internal register of processing activities covering enquiry handling, client delivery, website operation, and cookie consent logs. Summaries available to enterprise clients during procurement review upon request.

27. De-identification

Where analytics permits, IP addresses are truncated and user agents hashed before storage. We periodically review analytics configurations for alignment with this policy.

28. Physical records

Printed workshop materials, if any, are shredded after digitisation unless clients request return. Locked storage applies during active projects only.

29. Privacy impact reviews

New tools undergo lightweight privacy impact review before deployment on client programmes involving personal information.

30. Contact for data breaches

Report suspected incidents to [email protected] immediately. We maintain an incident log and cooperate with OPC guidance on notification timelines.

31. Website log files

Server logs may capture IP address, request timestamp, requested URL, HTTP status, and browser user agent. Logs support security monitoring and troubleshooting. They are not used to build marketing profiles of individual visitors and are deleted on a rolling schedule not exceeding ninety days unless investigation requires temporary extension.

32. Form submission security

Contact forms use honeypot fields and referer validation to reduce automated spam. Spam submissions are deleted without response. Legitimate submissions are stored in secure mailboxes accessible only to authorised PitchEngine staff in Toronto and remote team members under confidentiality obligations.

33. Direct marketing from PitchEngine

If you enquire about services, we may send follow-up messages related to your request under CASL implied consent rules for existing inquiries. Ongoing newsletters or promotional messages require express consent. Every commercial email includes an unsubscribe mechanism.

34. Aggregated statistics

We may publish aggregated, non-identifying statistics about industries served or project types completed. These statistics never include personal information or client-identifiable performance metrics without written permission.

35. Due diligence requests

Enterprise clients may submit security questionnaires during procurement. We respond with accurate summaries of practices described in this policy. Custom data processing agreements are available for large engagements involving systematic personal information processing on your behalf.

36. Policy review cycle

PitchEngine reviews this Privacy Policy at least annually and after material changes to tools or regulations. The last updated date appears at the top of this page. Previous versions may be archived internally for compliance records.

37. Accessibility of privacy notices

We aim to present privacy information in plain language. If you require this policy in an alternative format, contact [email protected] with your request and we will endeavour to accommodate reasonable accessibility needs.

38. Linking to third-party sites

Our site may link to regulator resources, mapping tools, or font providers. Those sites have independent privacy practices. We encourage you to read their policies before submitting personal information externally.

39. Children's privacy

Our business services are not directed at children. If we learn that personal information from a child was submitted without appropriate parental consent, we will delete it promptly upon notification to [email protected].